A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM
THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 
2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is

* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s)

1) ☒ Notice of References Cited (PTO-892)

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) ☒ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)

Paper No(s)/Mail Date 20040901.



4) \Z\ Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20040901 



Application/Control Number: 09/720,542

Art Unit: 2132

DETAILED ACTION 
Drawings 

1. The drawings are objected to under 37 CFR 1.83(a) because they consist solely
of empty boxes and fail to show any of the detail as described in the specification. Any 
structural detail that is essential for a proper understanding of the disclosed invention 
should be shown in the drawing. MPEP § 608.02(d). Corrected drawing sheets in 
compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid
abandonment of the application. Any amended replacement drawing sheet should 
include all of the figures appearing on the immediate prior version of the sheet, even if 
only one figure is being amended. The figure or figure number of an amended drawing 
should not be labeled as "amended." If a drawing figure is to be canceled, the 
appropriate figure must be removed from the replacement sheet, and where necessary, 
the remaining figures must be renumbered and appropriate changes made to the brief 
description of the several views of the drawings for consistency. Additional replacement 
sheets may be necessary to show the renumbering of the remaining figures. The 
replacement sheet(s) should be labeled "Replacement Sheet" in the page header (as 
per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the
changes are not accepted by the examiner, the applicant will be notified and informed of 
any required corrective action in the next Office action. The objection to the drawings 
will not be held in abeyance. 

Claim Rejections - 35 USC § 102

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 30-34, 38-42, 46-49, and 51-55 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Hu (U.S. Patent No. 5586260). In regards to claims 30, 38, 46 and 
51, Hu discloses a design that pertains to an authentication gateway computer system
that acts as an intermediary between client and server systems. Hu discloses in Fig. 1 
and in column 3, lines 58-67 through column 4, lines 1-16 how a gateway system 
resides between a client system and a server system and acts as an intermediary 
between the two systems by intercepting communications and allowing the client 
system to conform to the correct security mechanism associated with the server system. 
This disclosure meets the limitations set forth under claims 30, 38, 46 and 51 that call for 
interconnecting a network device between computer equipment to be secured and the 
network as well as intercepting communications between the computer equipment and 
the network. Hu further discloses in column 4, lines 32-38 how an authentication 
gateway (which is part of the intermediary between the client and server systems) 
acquires authentication credentials of the client system that relate to the identity of the 
client. This disclosure meets the limitations set forth under claims 30, 38, 46 and 51 
that call for obtaining information related to the user of the computer equipment by an 
authentication module. This disclosure also meets the limitations set forth under claims 
30, 38, 46 and 51 that call for defining a security level by the authentication module
because the authentication gateway in Hu's design makes a determination of whether 
or not the client system is authorized to communicate with the server system. Hu 
further discloses in column 5, lines 41-57 how a client can make a request to a server 
and that upon doing this a proxy server (which is also a part of the intermediary 
between the client and server systems as shown in figure 3) will retrieve the client's 
authenticated identity for the authentication gateway ensuring that authenticity of the 
client's identity as well as ensuring that the client is allowed to communicate with the 
server. These disclosures meet the limitations set forth under claims 30, 38, 46 and 51 
that call for transmitting information related to the user (client) to an authentication 
management server (proxy server of figure 3) and using the authentication management 
server to authenticate the user (client). Hu further discloses in column 5, lines 65-67 
through column 6, lines 1-11 how server credentials are stored as "security context" for
the client and get cached in order to facilitate future communications between the client 
system and the server system. This disclosure meets the limitations set forth under 
claims 30, 38, 46 and 51 that call for transmitting and storing security parameters to the 
network device (client system) because in Hu's design the security contexts are 
saved/cached in order to allow for future communications between client systems and 
server systems to be secure and authenticated. 

4. In regards to claims 31, 33, 39, 41, 47, 48, 52, and 54, Hu discloses in column 4,
lines 59-67 through column 5, lines 1-3 that a server has as part of its own security 
mechanism the means to check an access control list (ACL) in order to determine 
whether a client seeking access has been authorized. This disclosure meets the
limitations set forth under claims 31, 33, 39, 41, 47, 48, 52, and 54 that call for allowing
the security parameters to comprise a list of authorized client/server applications
because a particular client attempting to communicate with a server will only be
allowed to do so if they are identified on the ACL as being authorized to do so as
described in the aforementioned location of Hu's design. In regards to claims 32, 34, 
40, 42, 49, 53 and 55, Hu discloses in Fig. 1 and in column 3, lines 58-67 through 
column 4, lines 1-16 how a gateway system resides between a client system and a 
server system and acts as an intermediary between the two systems by intercepting 
communications and allowing the client system to conform to the correct security 
mechanism associated with the server system. Hu also discloses in column 4, lines 59- 
67 through column 5, lines 1-3 that a server has as part of its own security mechanism 
the means to check an access control list (ACL) in order to determine whether a client 
seeking access has been authorized. These disclosures meet the limitations set forth
under claims 32, 34, 40, 42, 49, 53 and 55 that call for analyzing messages related to 
client/server applications and filtering/altering them, thereby establishing a firewall
because the ACL of Hu's design would filter/alter attempted communication by a client 
with a server if the client is not indicated in the ACL as authorized to communicate with 
the server. The ACL of Hu's design acts as a firewall for the server. 

Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 35-37, 43-45, 50, and 56-58 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hu in view of Gupta (U.S. Patent No. 6658565). In regards to claims 
35, 43, and 56, Hu's design meets all of the aforementioned limitations set forth under 
claims 30, 38, and 51. However, Hu's design makes no mention of customizing a
device according to a private encipherment key provided by the authentication module 
as well as storing the public encipherment key associated with the private encipherment 
key. Gupta teaches in column 1, lines 67 through column 2, lines 1-7 how public key 
cryptography is a well-known technique for performing remote authentication. Gupta 
further teaches in this location that with this method of secure communication each 
entity has a public encryption key as well as a private encryption key. It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
incorporate Gupta's teachings on the use of public and private encryption keys into Hu's 
design in order to achieve a design that is capable of customizing a device according to 
a private encipherment key provided by the authentication module as well as storing the 
public encipherment key associated with the private encipherment key for the purposes 
of allowing for an even more secure communications stream. 

7. In regards to claims 36, 44, 50 and 57, Hu's design meets all of the
aforementioned limitations set forth under claims 30, 38, 46 and 51. However, Hu's
design makes no mention of allowing the security parameters to comprise a list of 
computer equipment and the corresponding public encipherment key, which the user is 
authorized to communicate with. Gupta teaches in column 1, lines 67 through column
2, lines 1-7 how public key cryptography is a well-known technique for performing 
remote authentication. Gupta further teaches in this location that with this method of 
secure communication each entity has a public encryption key as well as a private 
encryption key. It would have been obvious to one of ordinary skill in the art at the time 
the invention was made to incorporate Gupta's teachings on the use of public and 
private encryption keys into Hu's design in order to achieve a design that is capable of 
allowing the security parameters to comprise a list of computer equipment and the 
corresponding public encipherment key, which the user is authorized to communicate 
with for the purposes of allowing for an even more secure communications stream. 

8. In regards to claims 37, 45, and 58, Hu's design meets all of the aforementioned 
limitations set forth under claims 30, 38, and 51. However, Hu's design makes no 
mention of enciphering by the communications device between the computer equipment 
associated with the user and computer equipment on the list by combining the private 
encipherment key of the device with the public encipherment key of the computer 
equipment on the list. Gupta teaches in column 1, lines 67 through column 2, lines 1-7
how public key cryptography is a well-known technique for performing remote 
authentication. Gupta further teaches in this location that with this method of secure 
communication each entity has a public encryption key as well as a private encryption
key. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to incorporate Gupta's teachings on the use of public and private 
encryption keys into Hu's design in order to achieve a design that is capable of 
enciphering by the communications device between the computer equipment 
associated with the user and computer equipment on the list by combining the private 
encipherment key of the device with the public encipherment key of the computer 
equipment on the list, for the purposes of allowing for an even more secure 
communications stream. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Joseph McArdle whose telephone number is (703) 305-7515.
The examiner can normally be reached on Weekdays from 8:00 am - 5:00 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, can be reached on (703) 305-1830. The fax phone number
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 